Problem Note 70945: SAS® Web Application Server contains Apache Tomcat version 9.0.86, which is affected by CVE-2024-34750
 |  |  |  |  |
Severity: High
Description: SAS Web Application Server contains Tomcat 9.0.86, which is affected by CVE-2024-34750.
Potential Impact: An attacker could exploit the improper handling of exceptional conditions and uncontrolled resource consumption vulnerability in Tomcat 9.0.86 to open numerous connections to the server and exhaust its resources, potentially leading to a denial-of-service (DoS) attack.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Web Application Server | Solaris for x64 | 9.47 | 9.4 TS1M7 | ||
| Linux for x64 | 9.47 | 9.4 TS1M7 | ||||
| HP-UX IPF | 9.47 | 9.4 TS1M7 | ||||
| 64-bit Enabled Solaris | 9.47 | 9.4 TS1M7 | ||||
| 64-bit Enabled AIX | 9.47 | 9.4 TS1M7 | ||||
| Microsoft® Windows® for x64 | 9.47 | 9.4 TS1M7 | ||||
A fix for this issue for SAS Web Application Server 9.48 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/M3P.html#70945A fix for this issue for SAS Web Application Server 9.47 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/M3B.html#70945| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2024-09-05 10:00:08 |
| Date Created: | 2024-08-26 14:58:26 |